Nextend Social Login Pro Authentication Bypass Vulnerability via Apple OAuth
Vulnerability
A vulnerability allowing authentication bypass has been identified in the Nextend Social Login Pro plugin for WordPress, affecting versions through 3.1.16. The issue arises from inadequate verification of the user information provided during the Apple OAuth authentication process. This flaw enables unauthenticated attackers to log in as any existing user on the site, including administrators, if they have access to the user's email address.
Impact
Exploitation of this vulnerability allows for authentication bypass, enabling attackers to log in as any user, including those with administrative privileges.
Remediation
Update to Nextend Social Login Pro version 3.1.17 or a newer patched version.